
nginx

Source Code Build Status License: MIT

Set up the nginx web server. Nginx is an open source reverse proxy server for the HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and web server. The nginx project started with a strong focus on high concurrency, high performance and low memory usage.


Default Variables

nginx_access_log

Default value

nginx_access_log:
  enabled: true
  file: /var/log/nginx/access.log
  format: main

nginx_client_body_buffer_size

Default value

nginx_client_body_buffer_size: 10k

nginx_client_body_timeout

Default value

nginx_client_body_timeout: 60

nginx_client_header_buffer_size

Default value

nginx_client_header_buffer_size: 1k

nginx_client_header_timeout

Default value

nginx_client_header_timeout: 60

nginx_client_max_body_size

Default value

nginx_client_max_body_size: 8m

nginx_csp_enabled

Default value

nginx_csp_enabled: false

nginx_csp_options

Example usage

# Content-Security-Policy directives; each entry names one directive and lists
# its parameters (here: the origins allowed to frame the site).
# NOTE(review): presumably only emitted when nginx_csp_enabled is true (the
# default is false) — confirm in the role's templates.
# NOTE(review): browsers that support `frame-ancestors` ignore X-Frame-Options
# when both headers are present, so an allow-list here takes precedence over
# the role's default `nginx_xfo_policy: deny` in those browsers.
nginx_csp_options:
  - directive: frame-ancestors
    parameters:
      - https://example.com
      - https://mypage.com

nginx_error_location

Default error location. If set, the defined location is automatically added once to every server block to serve custom error pages.

Default value

nginx_error_location: []

Example usage

nginx_error_location:
  - match: /
    root: /var/www/vhosts/default
    index: index.html
    custom_options:

nginx_error_log

Default value

nginx_error_log:
  enabled: true
  file: /var/log/nginx/error.log
  level: error

nginx_error_page

Default value

nginx_error_page: []

Example usage


nginx_group

Default value

nginx_group: nginx

nginx_gzip_comp_level

Default value

nginx_gzip_comp_level: 2

nginx_gzip_enabled

Default value

nginx_gzip_enabled: true

nginx_gzip_min_length

Default value

nginx_gzip_min_length: 1000

nginx_gzip_proxied

Default value

# Conditions under which responses to proxied requests are compressed
# (presumably rendered into nginx's `gzip_proxied` directive — confirm).
# NOTE(review): `private` and `auth` turn compression on for responses marked
# `Cache-Control: private` and for requests carrying an Authorization header.
# Over TLS, compressing a response that mixes a secret with request-controlled
# content is the precondition for compression side channels (BREACH); drop
# these two entries for upstreams that reflect input next to tokens.
nginx_gzip_proxied:
  - expired
  - no-cache
  - no-store
  - private
  - auth

nginx_gzip_types

Default value

nginx_gzip_types:
  - text/plain
  - application/x-javascript
  - text/xml
  - text/css
  - application/xml

nginx_hsts_options

Default value

# Strict-Transport-Security parameters. 63072000 seconds is 730 days (two years).
# includeSubDomains extends the policy to every subdomain of the served host,
# so all of them must be reachable over HTTPS before HSTS is switched on;
# browsers keep the policy for the full max-age once they have seen it.
# NOTE(review): presumably only emitted when nginx_tls_hsts_enabled is true
# (the default is false) — confirm in the role's templates.
nginx_hsts_options:
  - max-age=63072000
  - includeSubDomains

nginx_keepalive_timeout

Default value

nginx_keepalive_timeout: 65

nginx_maps

Default value

nginx_maps: []

Example usage

nginx_maps:
  - input: $input
    output: $output
    parameters:
      - "default 0"
      - "/old/path /new_path"

nginx_maps_extra

Default value

nginx_maps_extra: []

nginx_official_repo_enabled

Default value

nginx_official_repo_enabled: true

nginx_reset_timedout_connection

Default value

nginx_reset_timedout_connection: true

nginx_send_timeout

Default value

nginx_send_timeout: 60

nginx_server_names_hash_bucket_size

Default value

nginx_server_names_hash_bucket_size: 32

nginx_tls_certificates

Default value

nginx_tls_certificates: []

Example usage

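# Certificate and key files to install: `source` is the file to copy and `dest`
# the path on the target host (presumably handled by a copy task — confirm).
nginx_tls_certificates:
  - source: "{{ ansible_user_dir }}/files/mycert.pem"
    dest: /etc/pki/tls/certs/mycert.pem
    # Quoted on purpose: an unquoted 0644 is read by YAML 1.1 parsers as the
    # octal integer 420, and if that value is passed on through a template it
    # can reach the file module as the decimal string "420" and set the wrong
    # permissions.
    mode: "0644"
  - source: "{{ ansible_user_dir }}/files/mykey.pem"
    dest: /etc/pki/tls/private/mykey.pem
    # Private key: readable and writable by the owner only.
    mode: "0600"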

nginx_tls_certificates_extra

Default value

nginx_tls_certificates_extra: []

nginx_tls_ciphers

Default value

# Cipher suites offered by the server, given as OpenSSL cipher names.
# NOTE(review): the two "-GCM-SHA512" entries do not correspond to suite names
# OpenSSL defines (its AES-GCM suites end in SHA256 or SHA384). OpenSSL
# typically skips names it does not recognise, so the effective list is
# presumably the three SHA384 entries — check on the target host with
# `openssl ciphers -v '<colon-joined list>'`.
# NOTE(review): every entry is an RSA-authenticated suite, so a server using an
# ECDSA certificate would have no matching suite; ECDHE-RSA-AES256-SHA384 is a
# CBC-mode suite rather than an AEAD one.
nginx_tls_ciphers:
  - ECDHE-RSA-AES256-GCM-SHA512
  - DHE-RSA-AES256-GCM-SHA512
  - ECDHE-RSA-AES256-GCM-SHA384
  - DHE-RSA-AES256-GCM-SHA384
  - ECDHE-RSA-AES256-SHA384

nginx_tls_dhparam_file

Default value

nginx_tls_dhparam_file: _unset_

nginx_tls_dhparam_size

Default value

nginx_tls_dhparam_size: 2048

nginx_tls_ecdh_curve

Default value

nginx_tls_ecdh_curve: _unset_

nginx_tls_enabled

Default value

nginx_tls_enabled: false

nginx_tls_hsts_enabled

Default value

nginx_tls_hsts_enabled: false

nginx_tls_ocsp_enabled

Default value

nginx_tls_ocsp_enabled: false

nginx_tls_ocsp_trusted_certificate

Default value

nginx_tls_ocsp_trusted_certificate: _unset_

nginx_tls_versions

Default value

# TLS protocol versions the server accepts (presumably rendered into nginx's
# `ssl_protocols` directive — confirm). The default enables TLSv1.2 only.
# NOTE(review): TLSv1.3 is not in the default list; add it here where the
# installed nginx and OpenSSL builds support it. The names in
# nginx_tls_ciphers are TLS 1.2 suite names and do not select TLS 1.3 suites.
nginx_tls_versions:
  - TLSv1.2

nginx_user

Default value

nginx_user: nginx

nginx_vhosts_default

Default value

nginx_vhosts_default:
  - file: default
    servers:
      - port: 80
        server_name: '{{ ansible_fqdn }}'
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
          - match: /50x.html
            root: /usr/share/nginx/html
        custom_options:
          - error_page 500 502 503 504 /50x.html

Example usage

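# Example vhost definition. Keys left without a value (for example
# `tls_redirect_url:`) are YAML null; they appear to be listed only to show
# which options the role accepts.
nginx_vhosts_default:
  - file: default
    upstreams:
      - name: my_pool
        servers: []
    servers:
      - port: 80
        server_name: demo.example.com
        tls_redirect: false  # skips locations if enabled
        tls_redirect_url:
        tls:
          cert: /etc/pki/tls/certs/mycert.pem
          key: /etc/pki/tls/private/mykey.pem
          dhparam:
        client_max_body_size:
        send_timeout:
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
            proxy_pass:
            proxy_http_version: "1.1"
            proxy_buffering: "off"
            proxy_connect_timeout: 3600s
            proxy_read_timeout: 3600s
            proxy_send_timeout: 3600s
            proxy_headers: []
            proxy_intercept_errors: "off"
            custom_options:
        custom_options:
          # Entries look like raw nginx directives (compare the `error_page`
          # entry in the default value). nginx's access rule is written
          # `deny all`, without a colon; `deny: all` would not parse as a
          # directive, leaving the intended restriction unapplied or the
          # configuration invalid.
          - deny all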

nginx_vhosts_dir

Default value

nginx_vhosts_dir: /var/www/vhosts

nginx_vhosts_extra

Default value

nginx_vhosts_extra: []

nginx_worker_connections

Default value

nginx_worker_connections: 1024

nginx_worker_processes

Default value

nginx_worker_processes: 1

nginx_xcto_enabled

Default value

nginx_xcto_enabled: true

nginx_xfo_enabled

Default value

nginx_xfo_enabled: true

nginx_xfo_policy

Default value

nginx_xfo_policy: deny

nginx_xxxsp_enabled

Default value

nginx_xxxsp_enabled: true

nginx_xxxsp_parameters

Default value

# Parameters for what appears to be the X-XSS-Protection response header
# (presumably appended after the enabling value — confirm in the template).
# NOTE(review): X-XSS-Protection controls the legacy browser XSS auditor,
# which current browsers no longer implement, so it adds little protection on
# its own; a Content-Security-Policy (nginx_csp_enabled / nginx_csp_options,
# off by default) is the control to rely on against script injection.
nginx_xxxsp_parameters:
  - mode=block

Dependencies

None.